cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

signing certificate expiration and apps

%3CLINGO-SUB%20id%3D%22lingo-sub-788242%22%20slang%3D%22en-US%22%3Esigning%20certificate%20expiration%20and%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-788242%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Team%2C%20The%20cert%20that%20we%20planning%20to%20use%20would%20be%20valid%20for%202%20years.%20What%20will%20happen%20after%20it%20expires%3F%20Do%20we%20need%20to%20ignore%20the%20expiry%20dates%20of%20the%20certificates%20while%20injecting%20into%20the%20package%20during%20its%20creation%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-788983%22%20slang%3D%22en-US%22%3ERe%3A%20signing%20certificate%20expiration%20and%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-788983%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F382781%22%20target%3D%22_blank%22%3E%40Prashant_Patale%3C%2FA%3E%26nbsp%3BI%20moved%20this%20item%20to%20a%20conversation%20as%20well%20so%20other%20can%20follow%20along.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20highly%20recommend%20time%20stamping%20the%20app%20when%20signing.%26nbsp%3B%20If%20you%20use%20time%20stamping%20the%20apps%20will%20continue%20to%20deploy%20after%20the%20cert%20expires%2C%20without%20it%20you%20will%20need%20to%20resign%20you%20package.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMore%20information%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fmsix%2Fpackage%2Fsigning-package-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fmsix%2Fpackage%2Fsigning-package-overview%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EJohn%20Vintzel%20(%3CA%20href%3D%22http%3A%2F%2Ftwitter.com%2Fjvintzel%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%40jvintzel%3C%2FA%3E)%3C%2FP%3E%0A%3CP%3EPM%20Lead%2C%20MSIX%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-802630%22%20slang%3D%22en-US%22%3ERe%3A%20signing%20certificate%20expiration%20and%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-802630%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F73899%22%20target%3D%22_blank%22%3E%40John%20Vintzel%3C%2FA%3E%26nbsp%3BThank%20you%20for%20the%20details%20John.%20This%20is%20really%20helpful.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1370443%22%20slang%3D%22en-US%22%3ERe%3A%20signing%20certificate%20expiration%20and%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1370443%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F73899%22%20target%3D%22_blank%22%3E%40John%20Vintzel%3C%2FA%3E%26nbsp%3Bwe%20have%20a%20customer%20that%20would%20like%20to%20outsource%20the%20packaging%20of%20apps%20with%20MSIX%20to%20a%20provider.%20They%20plan%20to%20offer%20a%20certificate%20-%20which%20will%20be%20used%20by%20the%20provide%20to%20sign%20packages%20-%20and%20they%20have%20asked%20what%20happens%20when%20they%20revoke%20that%20certificate%20%2C%20will%20installations%20initiated%20after%20the%20revocation%20date%20still%20work%3F%20Is%20this%20process%20influenced%20by%20TSA%20aswell%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1372227%22%20slang%3D%22en-US%22%3ERe%3A%20signing%20certificate%20expiration%20and%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1372227%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F382172%22%20target%3D%22_blank%22%3E%40WesleeJKN0487%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20a%20certificate%20is%20revoked%2C%20previous%20installations%20and%20any%20future%20attempts%20will%20no%20longer%20be%20trusted.%20The%20timestamp%20does%20not%20matter%20if%20the%20certificate%20is%20revoked%2C%20only%20if%20the%20certificate%20expires.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%2C%3C%2FP%3E%0A%3CP%3ESharla%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1372821%22%20slang%3D%22en-US%22%3ERe%3A%20signing%20certificate%20expiration%20and%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1372821%22%20slang%3D%22en-US%22%3EVery%20valuable%20info%2C%20thank%20you%20Sharla.%3C%2FLINGO-BODY%3E
Prashant_Patale
New Contributor

‎Aug 05 2019 07:34 AM - last edited on ‎Aug 05 2019 12:57 PM by

‎Aug 05 2019 07:34 AM - last edited on ‎Aug 05 2019 12:57 PM by

signing certificate expiration and apps

Hello Team, The cert that we planning to use would be valid for 2 years. What will happen after it expires? Do we need to ignore the expiry dates of the certificates while injecting into the package during its creation?

773 Views
0 Likes
5 Replies
Reply
5 Replies
best response confirmed by John Vintzel (Microsoft)
John Vintzel

‎Aug 05 2019 12:59 PM

‎Aug 05 2019 12:59 PM

Solution

Re: signing certificate expiration and apps

@Prashant_Patale I moved this item to a conversation as well so other can follow along.

 

We highly recommend time stamping the app when signing.  If you use time stamping the apps will continue to deploy after the cert expires, without it you will need to resign you package.

 

More information here: https://docs.microsoft.com/en-us/windows/msix/package/signing-package-overview

 

John Vintzel (@jvintzel)

PM Lead, MSIX

1 Like
Reply
Prashant_Patale

‎Aug 13 2019 06:39 AM

‎Aug 13 2019 06:39 AM

Re: signing certificate expiration and apps

@John Vintzel Thank you for the details John. This is really helpful.

0 Likes
Reply
WesleeJKN0487

‎May 07 2020 09:16 AM - edited ‎May 07 2020 09:17 AM

‎May 07 2020 09:16 AM - edited ‎May 07 2020 09:17 AM

Re: signing certificate expiration and apps

@John Vintzel we have a customer that would like to outsource the packaging of apps with MSIX to a provider. They plan to offer a certificate - which will be used by the provide to sign packages - and they have asked what happens when they revoke that certificate , will installations initiated after the revocation date still work? Is this process influenced by TSA aswell?

0 Likes
Reply
Sharla Akers

‎May 07 2020 04:19 PM

‎May 07 2020 04:19 PM

Re: signing certificate expiration and apps

Hi @WesleeJKN0487,

 

If a certificate is revoked, previous installations and any future attempts will no longer be trusted. The timestamp does not matter if the certificate is revoked, only if the certificate expires. 

 

Best,

Sharla 

1 Like
Reply
WesleeJKN0487

‎May 08 2020 12:18 AM

‎May 08 2020 12:18 AM

Re: signing certificate expiration and apps

Very valuable info, thank you Sharla.
0 Likes
Reply